Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-8428
Received
More InfoOfficial Page
Source-ff5b8ace-8b95-4078-9743-eac1ca5451de
View Known Exploited Vulnerability (KEV) details
Published At-21 May, 2026 | 21:16
Updated At-21 May, 2026 | 21:16

Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_update')) but the corresponding do_update() method in concrete/controllers/single_page/dashboard/system/update/update.php never calls $this->token->validate('do_update'). The form is rendered as a POST form, meaning the token reaches the browser, but because the controller discards it without verification, an attacker can craft a cross-site POST that triggers a core CMS update to an attacker-specified version string.  In order to be vulnerable, theictim must be passing canUpgrade()anda valid update version must be present under DIR_CORE_UPDATES. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 7.5 with vector CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N. Thanks https://github.com/maru1009 for reporting.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.5HIGH
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-352Secondaryff5b8ace-8b95-4078-9743-eac1ca5451de
CWE-829Secondaryff5b8ace-8b95-4078-9743-eac1ca5451de
CWE ID: CWE-352
Type: Secondary
Source: ff5b8ace-8b95-4078-9743-eac1ca5451de
CWE ID: CWE-829
Type: Secondary
Source: ff5b8ace-8b95-4078-9743-eac1ca5451de
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://documentation.concretecms.org/9-x/developers/introduction/version-history/951-release-notesff5b8ace-8b95-4078-9743-eac1ca5451de
N/A
Hyperlink: https://documentation.concretecms.org/9-x/developers/introduction/version-history/951-release-notes
Source: ff5b8ace-8b95-4078-9743-eac1ca5451de
Resource: N/A
Change History
0Changes found
Details not found